Feature #1979
closed
Allow user-defined rules to utilize built-in system aliases
Added by Jim Pingle about 13 years ago.
Updated 16 days ago.
Category: Aliases / Tables
Plus Target Version: 24.11
Description
It would be useful to have some stock aliases that come by default which are not editable by users. These aliases would be somewhat of an extension to the choices we already have for things like "xxx Subnet" and "xxx Address".
Some ideas:
- Local Networks
- ipv4_private (or perhaps rfc1918) - 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12
- ipv6_linklocal - fe80::/10
- ipv6_private - fc00::/7
- ipv6_multicast - ff00::/8
Having those available would save users from having to look them up, hardcode them, or make their own aliases for the same values on every system.
Indeed, this would be really helpful.
I'd like to push things a bit since this would really help a lot.
Jim P wrote:
> Some ideas:
I'm using this one but keeping track with additions/deletions of network segments is a pain.
> - ipv4_private (or perhaps rfc1918) - 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12
> - ipv6_linklocal - fe80::/10
> - ipv6_private - fc00::/7
> - ipv6_multicast - ff00::/8
How about a set of aliases covering ports as well?
> Having those available would save users from having to look them up, hardcode them, or make their own aliases for the same values on every system.
Any idea when somebody might have time to implement this?
As with anything else - when someone's willing to pay for it, or someone does it and submits a merge request.
Not sure we'd need much in the way of port aliases. We already have a ton of ports in the drop-down list on firewall and NAT rules.
I'd rather pull info from /etc/services into there before I'd want to pre-create port aliases.
And like Chris said, it will happen when funding appears or code appears. It's a nice-to-have feature but not critical.
IIRC you already can use the names of a port in /etc/services wherever a port is asked.
So instead of typing 80 you can type http and so on.
I made the changes quite some time ago to support this; unless it has been broken moving on with changes, it should work.
- Category set to Rules / NAT
- Assignee set to Jim Pingle
- Category changed from Rules / NAT to Aliases / Tables
- Has duplicate Feature #15774: Add user-accessible system aliases added
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Subject changed from Add some default read-only system aliases to Add user-accessible read-only system aliases
- Assignee changed from Jim Pingle to Marcos M
- Target version changed from Future to 2.8.0
- Plus Target Version set to 24.11
The current system aliases such as bogons can now be used in the GUI. Additional ones (such as the given examples) can be considered/added separately.
The system aliases are listed under Firewall > Aliases > All.
- Precedes Feature #15776: System Aliases for various reserved networks added
- Subject changed from Add user-accessible read-only system aliases to Allow user-defined rules to utilize built-in system aliases
I moved the additional new system alias definition part to a new issue: #15776
Tested against:
24.11-ALPHA (amd64)
built on Sat Oct 12 15:22:00 UTC 2024
FreeBSD 15.0-CURRENT
When I started typing 'bogons,' the bogons alias was available. However, hovering the alias in the rule doesn't show the list of networks as it does with other aliases.
Please check.
That issue along with some others from other feedback has been fixed for the next build.
This looks good on the latest build.
- Status changed from Feedback to Resolved